Check Point’s H2 2017 Global Threat Intelligence Trends Report gives an extended view of the second half of 2017 in terms of security. The report draws on data from 250 million addresses analyzed for bot discovery, 11 million malware signatures, and 5.5 million infected websites to highlight the most compromising and/or prevalent threats.

In September we saw Equifax data compromised, mostly Social Security Numbers and other personal information belonging to 143 million US consumers. A couple of months after that, the malware Bad Rabbit infected institutions in Russia and Ukraine. And lastly, Check Point listed a cryptocurrency miner at the top of its monthly Global Threat Index at the end of the year.

One of the most remarkable points in the report is the rise in ubiquity of cryptocurrency miners, and how they’ve become a threat themselves.

“The second half of 2017 has seen crypto-miners take the world by storm to become a favorite monetizing attack vector,” comments Maya Horowitz, threat intelligence group manager at Check Point. “While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware.”

Many cryptocurrency miners were using other people’s computer power through website infections to mine bitcoin. However, the number of exploit kits decreased as a result of new security mechanisms introduced by web browsers and the increasing difficulty of discovering zero-day vulnerabilities before they’re sold on the dark web. Spam operations and malspam also went down.

During the second half of 2017, a range of new malware families emerged that recycle successful code from other malware. For example, the Internet of Things (IoT) botnets IoTroop and Satori took code from Mirai.

Malware, by categories

Overall, the largest malware family is Roughted, with 15.3% of all reported malware belonging to this category. It peaked during May and June, but the threat fell considerably within a month. However, it is still prevalent. CoinHive, a crypto-miner malware, and Locky, a crypto-ransomware, are the two other big families, accounting for around 8% each.

When it comes to ransomware, Locky accounts for almost a third of all breaches, but Globeimposter and WannaCry follow closely, with over a quarter and nearly a sixth of the total, respectively.

Trojan Ramnit tops the list of banking malware, with 34% of the total. This malware steals banking credentials, FTP passwords, session cookies, and personal data. Zeus (22%) and Tinba (16%) are the other candidates in the top three.

When it comes to mobile malware, Hidad is king, with over half of infections attributed to this malware family targeting Android. Triada and Lotoor are some of the other Android malware that lurk about in abundance.

And lastly, crypto-mining malware. CoinHive, the Monero miner, makes up over half of the infections, with Cryptoloot and Coinnebula following far behind.

What’s to come

Check Point believes that blockchain attacks will evolve in the upcoming year, and so will virtual wallet and credential theft. Same goes for cryptocurrency – now that it has become a mainstream trend, it is likely that new targets and new methods will be developed. With these attacks, there will be a rise in banking trojans, and mobile botnets designed to mine cryptos illicitly.

Check Point also predicts that IoT attacks will become more and more sophisticated. The research company also anticipates that the security industry will see more cross-platform malware attacks.